
SCADA system security vulnerabilities

Supervisory Control and Data Acquisition (SCADA) systems have been used to control our critical infrastructure for years. However, it is now becoming clear that these systems are inherently insecure, and exploiting them could have a significant impact. Experts have known for a long time that these systems were not designed with security in mind. In the past this was not an issue, but as systems are rapidly being connected to the Internet in an attempt to make them ‘smarter’, legitimate attack paths are opening up just as rapidly.

With discovery websites such as Shogun up and running, any member of the public can identify these types of systems connected to the Internet. Once a system is identified, an attacker can download a simple exploit kit and attack any number of such systems to cause disruption or damage. Although this sounds theoretical, it is very much a reality now, and experts are highly concerned about SCADA attacks becoming prevalent in the not too distant future. So what are some of the vulnerabilities found in SCADA systems? And how can they be mitigated?

Removable Media

This age-old vulnerability is very much alive in SCADA systems as well. In scenarios where there is no route from the corporate domain to the SCADA system, the only method of file transfer is via removable media such as USB sticks. However, as in any environment, connecting unmanaged media with no form of anti-malware scanning is risky.

This is the main method by which malware propagates onto operational systems and represents a significant risk to critical infrastructure. As many reading this article will remember, this was the route that Stuxnet took when infecting SCADA systems.

Increased Connectivity

As already touched on, increased connectivity has opened up SCADA systems to a number of attack paths. With connections to both the corporate network and the Internet now common in control systems, attackers are able to route through to the control system and identify vulnerabilities on the systems themselves. Because control systems run on machines with ordinary operating systems, there are inevitably vulnerabilities at both the operating system and application layers. Even worse, because the systems are operational they essentially cannot be patched, since patching would bring downtime, which is unacceptable.

Open Source Tools

One of the biggest threats to SCADA systems is the fact that they are so highly publicized as being vulnerable. Because of this, hackers have targeted these types of systems by developing exploit kits and websites such as Shogun that list Internet-connected SCADA systems. Those attacking these systems are no longer sophisticated programmers but script kiddies who use point-and-click packages to disrupt operational environments.

Operational Environment

As briefly mentioned, another big vulnerability in these types of systems stems from the need to maintain 100% availability at all times. This affects maintenance windows, as patching components is not possible given the demands of the environment. It also means that active vulnerability scanning is troublesome, especially where it could put additional load or strain on the system; in that respect such testing resembles the DDoS attacks to which SCADA systems are also vulnerable. Configuration management is correspondingly complicated in environments such as this.

Insecure Protocols

As stated, SCADA systems were not designed with security in mind. Originally, these types of systems were used in closed environments with no access to external communication channels. Their communications are based on insecure protocols that use no form of encryption or other protection, so communication paths can be sniffed relatively easily and sessions hijacked.